Martin Aspeli, on 2009-03-11: > Hi all, > > Right now, when you declare a <permission /> in ZCML, it does not create > a permission. It creates a Zope 3 style IPermission utility, and if this > has a title that matches a Zope 2 style permission, then Five's security > policy will make sure that any Zope 3 code using the permission gets the > right permission checks. But that's it. You can't create new permissions > like this, which I think is what a lot of people expect. > > Well... now you can. I've released collective.autopermission. Simply add > this to your setup.py, and add this line to your configure.zcml: > > <include package="collective.autopermission" /> > > With this in place, your <permission /> ZCML statements will create a > Zope 2 style permission for the 'title' that was declared in ZCML, if > one does not exist already. You can use it in rolemap.xml or in your > code, e.g. with getSecurityManager().checkPermission(). > > The new permission will default to being granted to Manager only. If you > want to change this site-wide, you should use rolemap.xml as normal to > set up permissions at the root of your Plone site. > > One day, I hope this will be unnecessary, if we can push the relevant > changes into Zope/Five. For now, I hope this is useful.
This is certainly useful. I immediately put it to good use in Plone HRM, getting rid of an ugly hack that is now no longer necessary: http://dev.plone.org/collective/changeset/82080 BTW, I made some minor cosmetic changes to collective.autopermission, like fixing HISTORY.txt to list 1.0b1 as initial release instead of 1.0a1. Thanks! -- Maurits van Rees | http://maurits.vanrees.org/ Work | http://zestsoftware.nl/ "This is your day, don't let them take it away." [Barlow Girl] _______________________________________________ Product-Developers mailing list [email protected] http://lists.plone.org/mailman/listinfo/product-developers
